Hello
I am considering using a virtual smart card (VSC) as a passwordless authentication method on our Windows machines. It works well, but of course I would also like to get rid of passwords for the VPN (IPsec running on pfSense, authenticated by AD passwords via RADIUS). The certificate with its private key is stored on the VSC (protected by the TPM chip). All certificates and keys are provided by Active Directory Certificate Services. If I try to connect to my VPN through the VSC, I am asked for the PIN and then I get the error "IKE authentication credentials are unacceptable". Any idea what could be wrong?
We use pfSense 2.4.3.
I took the Windows CA root certificate and imported it into pfSense as a new certificate authority.
I took the client certificate with its private key and uploaded it to pfSense as a certificate.
These are the settings of my IPsec:
P1
IKEv2
IPv4
WAN
Auth. method: EAP-TLS
My identifier:...
Virtual Smart Card authentication for IPsec VPN on pfSense